package cn.iocoder.moyun.framework.websocket.core.security;

import cn.iocoder.moyun.framework.websocket.config.WebSocketProperties;
import cn.iocoder.moyun.framework.security.config.AuthorizeRequestsCustomizer;
import lombok.RequiredArgsConstructor;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer;

/**
 * WebSocket 的权限自定义
 * 负责为 WebSocket 端点的 HTTP 握手请求配置 Spring Security 权限，通过 permitAll() 确保握手请求不被阻止
 * 同时保留自定义的 token 认证逻辑（由 TokenAuthenticationFilter 和 LoginUserHandshakeInterceptor 处理）
 * 它解决了 Spring Security 对 WebSocket 握手请求的限制问题，是集成 Spring Security 的 WebSocket 功能的关键组件
 */
@RequiredArgsConstructor
public class WebSocketAuthorizeRequestsCustomizer extends AuthorizeRequestsCustomizer {

    private final WebSocketProperties webSocketProperties;

    @Override
    public void customize(AuthorizeHttpRequestsConfigurer<HttpSecurity>.AuthorizationManagerRequestMatcherRegistry registry) {
        registry.requestMatchers(webSocketProperties.getPath()).permitAll();
    }

}
